iptables设置一例
时间:2006-06-02 来源:nothing9
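#!/bin/bash
# Minimal stateful INPUT firewall for a host whose internet link is ppp0:
# traffic arriving on any other interface (LAN, loopback) is accepted,
# replies to connections this host opened are accepted, a fixed list of
# service ports is opened, and everything else from the internet is
# rejected explicitly.
#
# Must run as root. Abort on the first iptables failure so that a typo in a
# rule does not silently leave a port closed/open (the original script kept
# going past errors).  -u is deliberately not set: an empty port list would
# trip "${ports[@]}" on bash < 4.4.
set -e

# define constants here
Accept_Ports="80 20 21" # service ports the internet may reach (space-separated)
Ext_If="ppp0"           # interface facing the internet

# split the port list once into an array so each port gets its own rule;
# the original quoted "$Accept_Ports" in the for-loop, which ran the loop a
# single time with --dport "80 20 21" and therefore opened nothing
read -r -a ports <<<"$Accept_Ports"

# init: flush and delete all rules and user chains in filter and nat tables
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X

# default policy: anything not matched by the rules below is dropped
iptables -P INPUT DROP

# allow traffic from every interface except the internet link
# (documented negation syntax is `! -i IFACE`; the original `-i !ppp0` form
# is not the documented one and may be parsed as a literal interface name)
iptables -A INPUT ! -i "$Ext_If" -j ACCEPT

# stateful rule: accept packets belonging to connections this host
# initiated (or related to them) — this is what makes a DROP policy usable
# NOTE(review): for FTP (20/21) data connections to match RELATED, the FTP
# conntrack helper module presumably has to be loaded — verify on the host
iptables -A INPUT -i "$Ext_If" -m state --state ESTABLISHED,RELATED -j ACCEPT

# open the listed service ports: one rule per port per protocol
# ("-p tpc" in the original was a typo, so TCP ports were never opened)
# NOTE(review): the UDP rule mirrors the original; 80/20/21 are TCP
# services, so consider dropping the UDP rule unless a UDP service listens
for Port in "${ports[@]}"; do
  iptables -A INPUT -i "$Ext_If" -p udp --dport "$Port" -j ACCEPT
  iptables -A INPUT -i "$Ext_If" -p tcp --dport "$Port" -j ACCEPT
done

# reject the rest from the internet explicitly (TCP RST / ICMP
# port-unreachable) so clients fail fast instead of waiting for a timeout
iptables -A INPUT -i "$Ext_If" -p tcp -j REJECT --reject-with tcp-reset
iptables -A INPUT -i "$Ext_If" -p udp -j REJECT --reject-with icmp-port-unreachable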
注:有状态防火墙需要内核的支持;幸好,多数发行版都支持这一特性。
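# Minimal stateful INPUT firewall for a host whose internet link is ppp0:
# traffic arriving on any other interface (LAN, loopback) is accepted,
# replies to connections this host opened are accepted, a fixed list of
# service ports is opened, and everything else from the internet is
# rejected explicitly.
#
# Must run as root. Abort on the first iptables failure so that a typo in a
# rule does not silently leave a port closed/open (the original script kept
# going past errors).  -u is deliberately not set: an empty port list would
# trip "${ports[@]}" on bash < 4.4.
set -e

# define constants here
Accept_Ports="80 20 21" # service ports the internet may reach (space-separated)
Ext_If="ppp0"           # interface facing the internet

# split the port list once into an array so each port gets its own rule;
# the original quoted "$Accept_Ports" in the for-loop, which ran the loop a
# single time with --dport "80 20 21" and therefore opened nothing
read -r -a ports <<<"$Accept_Ports"

# init: flush and delete all rules and user chains in filter and nat tables
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X

# default policy: anything not matched by the rules below is dropped
iptables -P INPUT DROP

# allow traffic from every interface except the internet link
# (documented negation syntax is `! -i IFACE`; the original `-i !ppp0` form
# is not the documented one and may be parsed as a literal interface name)
iptables -A INPUT ! -i "$Ext_If" -j ACCEPT

# stateful rule: accept packets belonging to connections this host
# initiated (or related to them) — this is what makes a DROP policy usable
# NOTE(review): for FTP (20/21) data connections to match RELATED, the FTP
# conntrack helper module presumably has to be loaded — verify on the host
iptables -A INPUT -i "$Ext_If" -m state --state ESTABLISHED,RELATED -j ACCEPT

# open the listed service ports: one rule per port per protocol
# ("-p tpc" in the original was a typo, so TCP ports were never opened)
# NOTE(review): the UDP rule mirrors the original; 80/20/21 are TCP
# services, so consider dropping the UDP rule unless a UDP service listens
for Port in "${ports[@]}"; do
  iptables -A INPUT -i "$Ext_If" -p udp --dport "$Port" -j ACCEPT
  iptables -A INPUT -i "$Ext_If" -p tcp --dport "$Port" -j ACCEPT
done

# reject the rest from the internet explicitly (TCP RST / ICMP
# port-unreachable) so clients fail fast instead of waiting for a timeout
iptables -A INPUT -i "$Ext_If" -p tcp -j REJECT --reject-with tcp-reset
iptables -A INPUT -i "$Ext_If" -p udp -j REJECT --reject-with icmp-port-unreachable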
注:有状态防火墙需要内核的支持;幸好,多数发行版都支持这一特性。